Conditional access policy & IPv6


Hi there,

I created a conditional access policy to block all locations, excluding Australia and Singapore. This works great for users logging in using IPv4, however it blocks those using IPv6. I logged a call with MS and got confirmation that "at the moment by Design, the Countries tab in Conditional Access feature does not include IPV6 addresses option. It only covers IPV4."

One of the largest ISPs (if not the largest) here in Australia uses dynamic IPv6 by default! Location can't be mapped to Australia, so conditional access blocks the sign in!

Why can't Conditional Access do an IPv6 lookup? That's what the team over at APNIC do?

Any thoughts on the matter?

Ta.

2 Replies
Unfortunately there isn't much to say.

I agree that IPv6 support is needed. But as of now, it's not supported in Conditional Access.

Microsoft is aware of this, but I don't know of any timeline when this will be implemented.

@Thijs Lecomte Hi there Thijs. What I've had to do is to create a named location and tick the "Include unknown areas" option. I've added this location as an exclusion to the policy. Not ideal, but any IPv6 traffic should now be allowed.
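
A small model of the policy and workaround described in this thread, added here as an illustration and not code from any poster or from Microsoft. It shows which sign-ins the "unknown areas" exclusion lets through, so they can be reviewed separately. The record fields, the sample sign-ins and the rule that an unmapped address has no country are assumptions of the example.

```python
import ipaddress
from collections import Counter

ALLOWED = {"AU", "SG"}  # countries excluded from the block, as in the original post

# Constructed sample records. Field names are hypothetical, not a real export schema.
# country=None models an address the country lookup could not map (per the thread,
# every IPv6 address; assumed here to also cover any unmapped IPv4 address).
SIGNINS = [
    {"user": "alice", "ip": "203.0.113.10", "country": "AU"},
    {"user": "bob", "ip": "198.51.100.7", "country": "US"},
    {"user": "carol", "ip": "2001:db8:10::5", "country": None},
    {"user": "dave", "ip": "2001:db8:ffff::1", "country": None},
    {"user": "erin", "ip": "192.0.2.44", "country": "SG"},
    {"user": "frank", "ip": "192.0.2.99", "country": None},
]

def evaluate(record, exclude_unknown):
    """Decision under the modelled policy: block everything except ALLOWED,
    optionally also excluding a named location that includes unknown areas."""
    country = record["country"]
    if country in ALLOWED:
        return "allow"
    if country is None and exclude_unknown:
        return "allow"
    return "block"

def review(records, exclude_unknown):
    """Return (counts keyed by (ip_version, decision), users allowed without a
    verified country). The second list is what the workaround leaves unchecked."""
    counts = Counter()
    unverified = []
    for r in records:
        decision = evaluate(r, exclude_unknown)
        version = ipaddress.ip_address(r["ip"]).version
        counts[(f"IPv{version}", decision)] += 1
        if decision == "allow" and r["country"] is None:
            unverified.append(r["user"])
    return counts, unverified

if __name__ == "__main__":
    for flag in (False, True):
        counts, unverified = review(SIGNINS, flag)
        print(f"exclude_unknown={flag}: {dict(counts)} unverified={unverified}")
```

With the exclusion enabled, the location condition no longer constrains any sign-in that lacks a country mapping, so those sign-ins depend on the tenant's other controls.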